72 matches found
EUVD-2026-45275
IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec function without sandboxing, input...
CVE-2026-40501
Cherry Studio versions 1.2.2–1.9.12 contain a remote code execution vulnerability in the SearchService due to a nodeIntegration misconfiguration. When an Electron BrowserWindow is created with nodeIntegration enabled and contextIsolation disabled, control over search provider content (provided by...
CVE-2026-7871
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...
CVE-2026-7871
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...
EUVD-2026-40382
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...
CVE-2026-7871
CVE-2026-7871 affects IBM Langflow OSS 1.0.0–1.10.0. A deserialization flaw in the Redis cache backend allows attackers with Redis access to execute arbitrary code with full application privileges, compromising secrets, data, and system integrity. IBM notes the issue arises from unsafe deserializ...
PT-2026-53948
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Users with access to Redis can execute arbitrary code with full application privileges. This allows for the compromise of all secrets, data, and system integrity. Recommendations At th...
EUVD-2026-36555
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...
CVE-2026-44883
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...
CVE-2026-44883
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...
EUVD-2026-33059
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...
PT-2026-41143
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description The authentication middleware accepts JSON Web Tokens JWT...
EUVD-2026-4681
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an...
SnapGear Management Console SG560 跨站请求伪造漏洞
SnapGear Management Console SG560 is a versatile network security gateway from SnapGear. The SnapGear Management Console SG560 suffers from a cross-site request forgery vulnerability that stems from susceptibility to a cross-site request forgery attack that could result in the creation of a new...
CVE-2021-47730
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user...
CVE-2025-41086
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...
CVE-2025-41086
The CVE-2025-41086 affects GAMS licensing: the licensing system validator uses an insecure checksum algorithm, allowing an attacker who knows the checksum method and license-line format to recompute a valid checksum and forge licenses. This enables unlimited valid licenses, bypassing usage restri...
CVE-2025-41086 Authorization bypass in GAMS from GAMS Development Corp.
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...
KeeneticOS 安全漏洞
KeeneticOS is an operating system from the German company Keenetic. A security vulnerability exists in KeeneticOS versions prior to 4.3, which stems from the presence of cross-site scripting on the Wireless ISP page that could allow an attacker to add a user with full privileges and take over the...
CVE-2025-56007
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...